<?php

require('includes/application_top.php');
require_once('includes/classes/http_client.php');

// if the customer is not logged on, redirect them to the login page

if (!$account->isRegistered())
{
	$navigation->setSnapshot(array('mode' => 'SSL', 'page' => FILENAME_CHECKOUT_PAYMENT));
	tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
}

// if there is nothing in the customers cart, redirect them to the shopping
// cart page
if ($cart->count_contents() < 1)
{
	tep_redirect(tep_href_link(FILENAME_SHOPPING_CART));
}

// TODO: Find out exactly what's going on here and make sure it works the way
// it should!

// avoid hack attempts during the checkout procedure by checking the internal
// cartID
if (isset($cart->cartID) && $session->isRegistered('cartID')) {
	if ($cart->cartID != $cartID) {
		tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
	}
}

// register a random ID in the session to check throughout the 
// checkout procedure against alterations in the shopping cart contents
if (!$session->isRegistered('cartID'))
{
	$session->register('cartID');
}

$cartID = $cart->cartID;

$order2 = new Order2($customer_id);
echo '!<br />';
print_r($order2);

//switch($stage)
switch($HTTP_GET_VARS['stage'])
{
case 'success':
	checkoutSuccess();
	break;
	
case 'process':
	checkoutProcess();
	break;
	
case 'confirmation':
	checkoutConfirmation();
	break;
	
case 'payment_address':
	checkoutPaymentAddress();
	break;
	
case 'payment':
	checkoutPayment();
	break;
	
case 'shipping_address';
	checkoutShippingAddress();
	break;
	
case 'shipping':
	// The default stage
	
default:
	checkoutShipping($order2, $cart);
	$template = 'checkout_shipping.tpl';
	break;
}

// Finish and output

echo '!!<br />';
print_r($order2);

$theme->config_load('checkout.conf');
$theme->assign_by_ref('order', $order2);
$theme->display($template);

require(DIR_WS_INCLUDES . 'application_bottom.php');

// Checkout shipping
function checkoutShipping($order, $cart)
{
	global $customer_id, $HTTP_POST_VARS, $session;
	
	$addressBook = new addressBook($customer_id);
	
	// if no shipping destination address was selected, use the customers own
	// address as default
	if (!$session->isRegistered('sendto'))
	{
		$order->setShippingAddress($addressBook->getPrimaryAddress());
		
		// TODO: This session stuff should be in the order class?
		//$session->register('sendto');
	}
	
	else
	{
		// verify the selected shipping address
		if (!$order->setShippingAddress($addressBook->getAddressById($sendto)))
		{
			$order->setShippingAddress($addressBook->getPrimaryAddress());
			
			// TODO: This session stuff should be in the order class?
			//if ($session->isRegistered('shipping'))
			//{
			//	tep_session_unregister('shipping');
			//}
		}
	}
	
	require(DIR_WS_CLASSES . 'order.php');
	$order = new order;
	
	// if the order contains only virtual products, forward the customer to the
	// billing page as a shipping address is not needed
	if ($order->content_type == 'virtual')
	{
		if (!$session->isRegistered('shipping'))
		{
			$session->register('shipping');
		}
		
		$shipping = false;
		$sendto = false;
		tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
	}
	
	$total_weight = $cart->show_weight();
	$total_count = $cart->count_contents();
	
	// load all enabled shipping modules
	require(DIR_WS_CLASSES . 'shipping.php');
	$shipping_modules = new shipping;
	
	if ( defined('MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING') && (MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING == 'true') )
	{
		$pass = false;
		
		switch (MODULE_ORDER_TOTAL_SHIPPING_DESTINATION)
		{
		case 'national':
			if ($order->delivery['country_id'] == STORE_COUNTRY)
			{
				$pass = true;
			}
			
			break;
			
		case 'international':
			if ($order->delivery['country_id'] != STORE_COUNTRY)
			{
				$pass = true;
			}
			
			break;
			
		case 'both':
			$pass = true;
			break;
		}
		
		$free_shipping = false;
		
		if ( ($pass == true) && ($order->info['total'] >= MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING_OVER) )
		{
			$free_shipping = true;
			include(DIR_WS_LANGUAGES . $language . '/modules/order_total/ot_shipping.php');
		}
	}
	
	else
	{
		$free_shipping = false;
	}
	
	// process the selected shipping method
	if ( isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') )
	{
		if (!$session->isRegistered('comments'))
		{
			$session->register('comments');
		}
		
		if (tep_not_null($HTTP_POST_VARS['comments']))
		{
			$comments = tep_db_prepare_input($HTTP_POST_VARS['comments']);
		}
		
		if (!$session->isRegistered('shipping'))
		{
			$session->register('shipping');
		}
		
		if ( (tep_count_shipping_modules() > 0) || ($free_shipping == true) )
		{
			if ( (isset($HTTP_POST_VARS['shipping'])) && (strpos($HTTP_POST_VARS['shipping'], '_')) )
			{
				$shipping = $HTTP_POST_VARS['shipping'];
				list($module, $method) = explode('_', $shipping);
				
				if ( is_object($$module) || ($shipping == 'free_free') )
				{
					if ($shipping == 'free_free')
					{
						$quote[0]['methods'][0]['title'] = FREE_SHIPPING_TITLE;
						$quote[0]['methods'][0]['cost'] = '0';
					}
					
					else
					{
						$quote = $shipping_modules->quote($method, $module);
					}
					
					if (isset($quote['error']))
					{
						tep_session_unregister('shipping');
					}
					
					else
					{
						if ( (isset($quote[0]['methods'][0]['title'])) && (isset($quote[0]['methods'][0]['cost'])) )
						{
							$shipping = array(
								'id' => $shipping,
								'title' => (($free_shipping == true) ?  $quote[0]['methods'][0]['title'] : $quote[0]['module'] . ' (' . $quote[0]['methods'][0]['title'] . ')'),
								'cost' => $quote[0]['methods'][0]['cost']
							);
							
							// TODO: This needs to be un-hardcoded again.
							//tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
							tep_redirect('checkout.php?stage=checkout_payment');
						}
					}
				}
				
				else
				{
					tep_session_unregister('shipping');
				}
			}
		}
		
		else
		{
			$shipping = false;
			// TODO: This needs to be un-hardcoded again.
			//tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
			tep_redirect('checkout.php?stage=checkout_payment');
		}
	}
	
	// get all available shipping quotes
	$quotes = $shipping_modules->quote();
	
	/* if no shipping method has been selected, automatically select the cheapest method.  If the modules status was changed when none were available, to save on implementing a javascript force-selection method, also automatically select the cheapest shipping method if more than one module is now enabled */
	
	if ( !$session->isRegistered('shipping') || ( $session->isRegistered('shipping') && ($shipping == false) && (tep_count_shipping_modules() > 1) ) )
	{
		$shipping = $shipping_modules->cheapest();
	}
}

// Checkout shipping address
function checkoutShippingAddress()
{
	global $session;
	
	  // needs to be included earlier to set the success message in the messageStack
	  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_SHIPPING_ADDRESS);
	
	  require(DIR_WS_CLASSES . 'order.php');
	  $order = new order;
	
	// if the order contains only virtual products, forward the customer to the billing page as
	// a shipping address is not needed
	  if ($order->content_type == 'virtual') {
		if (!$session->isRegistered('shipping')) $session->register('shipping');
		$shipping = false;
		if (!$session->isRegistered('sendto')) $session->register('sendto');
		$sendto = false;
		tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
	  }
	
	  $error = false;
	  $process = false;
	  if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'submit')) {
	// process a new shipping address
		if (tep_not_null($HTTP_POST_VARS['firstname']) && tep_not_null($HTTP_POST_VARS['lastname']) && tep_not_null($HTTP_POST_VARS['street_address'])) {
		  $process = true;
	
		  if (ACCOUNT_GENDER == 'true') $gender = tep_db_prepare_input($HTTP_POST_VARS['gender']);
		  if (ACCOUNT_COMPANY == 'true') $company = tep_db_prepare_input($HTTP_POST_VARS['company']);
		  $firstname = tep_db_prepare_input($HTTP_POST_VARS['firstname']);
		  $lastname = tep_db_prepare_input($HTTP_POST_VARS['lastname']);
		  $street_address = tep_db_prepare_input($HTTP_POST_VARS['street_address']);
		  if (ACCOUNT_SUBURB == 'true') $suburb = tep_db_prepare_input($HTTP_POST_VARS['suburb']);
		  $postcode = tep_db_prepare_input($HTTP_POST_VARS['postcode']);
		  $city = tep_db_prepare_input($HTTP_POST_VARS['city']);
		  $country = tep_db_prepare_input($HTTP_POST_VARS['country']);
		  if (ACCOUNT_STATE == 'true') {
			if (isset($HTTP_POST_VARS['zone_id'])) {
			  $zone_id = tep_db_prepare_input($HTTP_POST_VARS['zone_id']);
			} else {
			  $zone_id = false;
			}
			$state = tep_db_prepare_input($HTTP_POST_VARS['state']);
		  }
	
		  if (ACCOUNT_GENDER == 'true') {
			if ( ($gender != 'm') && ($gender != 'f') ) {
			  $error = true;
	
			  $messageStack->add('checkout_address', ENTRY_GENDER_ERROR);
			}
		  }
	
		  if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
			$error = true;
	
			$messageStack->add('checkout_address', ENTRY_FIRST_NAME_ERROR);
		  }
	
		  if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
			$error = true;
	
			$messageStack->add('checkout_address', ENTRY_LAST_NAME_ERROR);
		  }
	
		  if (strlen($street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) {
			$error = true;
	
			$messageStack->add('checkout_address', ENTRY_STREET_ADDRESS_ERROR);
		  }
	
		  if (strlen($postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
			$error = true;
	
			$messageStack->add('checkout_address', ENTRY_POST_CODE_ERROR);
		  }
	
		  if (strlen($city) < ENTRY_CITY_MIN_LENGTH) {
			$error = true;
	
			$messageStack->add('checkout_address', ENTRY_CITY_ERROR);
		  }
	
		  if (ACCOUNT_STATE == 'true') {
			$zone_id = 0;
			$check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "'");
			$check = tep_db_fetch_array($check_query);
			$entry_state_has_zones = ($check['total'] > 0);
			if ($entry_state_has_zones == true) {
			  $zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name like '" . tep_db_input($state) . "%' or zone_code like '%" . tep_db_input($state) . "%')");
			  if (tep_db_num_rows($zone_query) == 1) {
				$zone = tep_db_fetch_array($zone_query);
				$zone_id = $zone['zone_id'];
			  } else {
				$error = true;
	
				$messageStack->add('checkout_address', ENTRY_STATE_ERROR_SELECT);
			  }
			} else {
			  if (strlen($state) < ENTRY_STATE_MIN_LENGTH) {
				$error = true;
	
				$messageStack->add('checkout_address', ENTRY_STATE_ERROR);
			  }
			}
		  }
	
		  if ( (is_numeric($country) == false) || ($country < 1) ) {
			$error = true;
	
			$messageStack->add('checkout_address', ENTRY_COUNTRY_ERROR);
		  }
	
		  if ($error == false) {
			$sql_data_array = array('customers_id' => $customer_id,
									'entry_firstname' => $firstname,
									'entry_lastname' => $lastname,
									'entry_street_address' => $street_address,
									'entry_postcode' => $postcode,
									'entry_city' => $city,
									'entry_country_id' => $country);
	
			if (ACCOUNT_GENDER == 'true') $sql_data_array['entry_gender'] = $gender;
			if (ACCOUNT_COMPANY == 'true') $sql_data_array['entry_company'] = $company;
			if (ACCOUNT_SUBURB == 'true') $sql_data_array['entry_suburb'] = $suburb;
			if (ACCOUNT_STATE == 'true') {
			  if ($zone_id > 0) {
				$sql_data_array['entry_zone_id'] = $zone_id;
				$sql_data_array['entry_state'] = '';
			  } else {
				$sql_data_array['entry_zone_id'] = '0';
				$sql_data_array['entry_state'] = $state;
			  }
			}
	
			if (!$session->isRegistered('sendto')) $session->register('sendto');
	
			tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
	
			$sendto = tep_db_insert_id();
	
			if ($session->isRegistered('shipping')) tep_session_unregister('shipping');
	
			tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
		  }
	// process the selected shipping destination
		} elseif (isset($HTTP_POST_VARS['address'])) {
		  $reset_shipping = false;
		  if ($session->isRegistered('sendto')) {
			if ($sendto != $HTTP_POST_VARS['address']) {
			  if ($session->isRegistered('shipping')) {
				$reset_shipping = true;
			  }
			}
		  } else {
			$session->register('sendto');
		  }
	
		  $sendto = $HTTP_POST_VARS['address'];
	
		  $check_address_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$sendto . "'");
		  $check_address = tep_db_fetch_array($check_address_query);
	
		  if ($check_address['total'] == '1') {
			if ($reset_shipping == true) tep_session_unregister('shipping');
			tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
		  } else {
			tep_session_unregister('sendto');
		  }
		} else {
		  if (!$session->isRegistered('sendto')) $session->register('sendto');
		  $sendto = $customer_default_address_id;
	
		  tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
		}
	  }
	
	// if no shipping destination address was selected, use their own address as default
	  if (!$session->isRegistered('sendto')) {
		$sendto = $customer_default_address_id;
	  }
	
	  $addresses_count = tep_count_customer_address_book_entries();
	
	$addresses_query = tep_db_query("select address_book_id, entry_firstname as firstname, entry_lastname as lastname, entry_company as company, entry_street_address as street_address, entry_suburb as suburb, entry_city as city, entry_postcode as postcode, entry_state as state, entry_zone_id as zone_id, entry_country_id as country_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$customer_id . "'");
	$addresses_array = array();
	
	while ($addresses = tep_db_fetch_array($addresses_query)) {
		$addresses_array[] = $addresses;
	}
	
	$theme->assign('sendto', $sendto);
	$theme->assign('process', $process);
	$theme->assign('addresses_count', $addresses_count);
	$theme->assign('addresses', $addresses_array);
	
	$template = 'checkout_shipping_address.tpl';
}

// Checkout payment
function checkoutPayment()
{
	global $session;
	
	// if no shipping method has been selected, redirect the customer to the shipping method selection page
	if (!$session->isRegistered('shipping')) {
		tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
	}
	
	// avoid hack attempts during the checkout procedure by checking the internal cartID
	if (isset($cart->cartID) && $session->isRegistered('cartID')) {
		if ($cart->cartID != $cartID) {
			tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
		}
	}
	
	// Stock Check
	if ( (STOCK_CHECK == 'true') && (STOCK_ALLOW_CHECKOUT != 'true') ) {
		$products = $cart->get_products();
		
		for ($i=0, $n=sizeof($products); $i<$n; $i++) {
			if (tep_check_stock($products[$i]['id'], $products[$i]['quantity'])) {
				tep_redirect(tep_href_link(FILENAME_SHOPPING_CART));
				break;
			}
		}
	}
	
	// if no billing destination address was selected, use the customers own address as default
	if (!$session->isRegistered('billto')) {
		$session->register('billto');
		$billto = $customer_default_address_id;
	} else {
		// verify the selected billing address
		$check_address_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$billto . "'");
		$check_address = tep_db_fetch_array($check_address_query);
	
		if ($check_address['total'] != '1') {
			$billto = $customer_default_address_id;
			
			if ($session->isRegistered('payment')) {
				tep_session_unregister('payment');
			}
		}
	}
	
	require(DIR_WS_CLASSES . 'order.php');
	$order = new order;
	
	if (!$session->isRegistered('comments')) {
		$session->register('comments');
	}
	
	$total_weight = $cart->show_weight();
	$total_count = $cart->count_contents();
	
	// load all enabled payment modules
	require(DIR_WS_CLASSES . 'payment.php');
	$payment_modules = new payment;
	
	$template = 'checkout_payment.tpl';
}

// Checkout payment address
function checkoutPaymentAddress()
{
	global $session;
	
	// needs to be included earlier to set the success message in the messageStack
	  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_PAYMENT_ADDRESS);
	
	  $error = false;
	  $process = false;
	  if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'submit')) {
	// process a new billing address
		if (tep_not_null($HTTP_POST_VARS['firstname']) && tep_not_null($HTTP_POST_VARS['lastname']) && tep_not_null($HTTP_POST_VARS['street_address'])) {
		  $process = true;
	
		  if (ACCOUNT_GENDER == 'true') $gender = tep_db_prepare_input($HTTP_POST_VARS['gender']);
		  if (ACCOUNT_COMPANY == 'true') $company = tep_db_prepare_input($HTTP_POST_VARS['company']);
		  $firstname = tep_db_prepare_input($HTTP_POST_VARS['firstname']);
		  $lastname = tep_db_prepare_input($HTTP_POST_VARS['lastname']);
		  $street_address = tep_db_prepare_input($HTTP_POST_VARS['street_address']);
		  if (ACCOUNT_SUBURB == 'true') $suburb = tep_db_prepare_input($HTTP_POST_VARS['suburb']);
		  $postcode = tep_db_prepare_input($HTTP_POST_VARS['postcode']);
		  $city = tep_db_prepare_input($HTTP_POST_VARS['city']);
		  $country = tep_db_prepare_input($HTTP_POST_VARS['country']);
		  if (ACCOUNT_STATE == 'true') {
			if (isset($HTTP_POST_VARS['zone_id'])) {
			  $zone_id = tep_db_prepare_input($HTTP_POST_VARS['zone_id']);
			} else {
			  $zone_id = false;
			}
			$state = tep_db_prepare_input($HTTP_POST_VARS['state']);
		  }
	
		  if (ACCOUNT_GENDER == 'true') {
			if ( ($gender != 'm') && ($gender != 'f') ) {
			  $error = true;
	
			  $messageStack->add('checkout_address', ENTRY_GENDER_ERROR);
			}
		  }
	
		  if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
			$error = true;
	
			$messageStack->add('checkout_address', ENTRY_FIRST_NAME_ERROR);
		  }
	
		  if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
			$error = true;
	
			$messageStack->add('checkout_address', ENTRY_LAST_NAME_ERROR);
		  }
	
		  if (strlen($street_address) < ENTRY_STREET_ADDRESS_MIN_LENGTH) {
			$error = true;
	
			$messageStack->add('checkout_address', ENTRY_STREET_ADDRESS_ERROR);
		  }
	
		  if (strlen($postcode) < ENTRY_POSTCODE_MIN_LENGTH) {
			$error = true;
	
			$messageStack->add('checkout_address', ENTRY_POST_CODE_ERROR);
		  }
	
		  if (strlen($city) < ENTRY_CITY_MIN_LENGTH) {
			$error = true;
	
			$messageStack->add('checkout_address', ENTRY_CITY_ERROR);
		  }
	
		  if (ACCOUNT_STATE == 'true') {
			$zone_id = 0;
			$check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "'");
			$check = tep_db_fetch_array($check_query);
			$entry_state_has_zones = ($check['total'] > 0);
			if ($entry_state_has_zones == true) {
			  $zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name like '" . tep_db_input($state) . "%' or zone_code like '%" . tep_db_input($state) . "%')");
			  if (tep_db_num_rows($zone_query) == 1) {
				$zone = tep_db_fetch_array($zone_query);
				$zone_id = $zone['zone_id'];
			  } else {
				$error = true;
	
				$messageStack->add('checkout_address', ENTRY_STATE_ERROR_SELECT);
			  }
			} else {
			  if (strlen($state) < ENTRY_STATE_MIN_LENGTH) {
				$error = true;
	
				$messageStack->add('checkout_address', ENTRY_STATE_ERROR);
			  }
			}
		  }
	
		  if ( (is_numeric($country) == false) || ($country < 1) ) {
			$error = true;
	
			$messageStack->add('checkout_address', ENTRY_COUNTRY_ERROR);
		  }
	
		  if ($error == false) {
			$sql_data_array = array('customers_id' => $customer_id,
									'entry_firstname' => $firstname,
									'entry_lastname' => $lastname,
									'entry_street_address' => $street_address,
									'entry_postcode' => $postcode,
									'entry_city' => $city,
									'entry_country_id' => $country);
	
			if (ACCOUNT_GENDER == 'true') $sql_data_array['entry_gender'] = $gender;
			if (ACCOUNT_COMPANY == 'true') $sql_data_array['entry_company'] = $company;
			if (ACCOUNT_SUBURB == 'true') $sql_data_array['entry_suburb'] = $suburb;
			if (ACCOUNT_STATE == 'true') {
			  if ($zone_id > 0) {
				$sql_data_array['entry_zone_id'] = $zone_id;
				$sql_data_array['entry_state'] = '';
			  } else {
				$sql_data_array['entry_zone_id'] = '0';
				$sql_data_array['entry_state'] = $state;
			  }
			}
	
			if (!$session->isRegistered('billto')) $session->register('billto');
	
			tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);
	
			$billto = tep_db_insert_id();
	
			if ($session->isRegistered('payment')) tep_session_unregister('payment');
	
			tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
		  }
	// process the selected billing destination
		} elseif (isset($HTTP_POST_VARS['address'])) {
		  $reset_payment = false;
		  if ($session->isRegistered('billto')) {
			if ($billto != $HTTP_POST_VARS['address']) {
			  if ($session->isRegistered('payment')) {
				$reset_payment = true;
			  }
			}
		  } else {
			$session->register('billto');
		  }
	
		  $billto = $HTTP_POST_VARS['address'];
	
		  $check_address_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $customer_id . "' and address_book_id = '" . $billto . "'");
		  $check_address = tep_db_fetch_array($check_address_query);
	
		  if ($check_address['total'] == '1') {
			if ($reset_payment == true) tep_session_unregister('payment');
			tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
		  } else {
			tep_session_unregister('billto');
		  }
	// no addresses to select from - customer decided to keep the current assigned address
		} else {
		  if (!$session->isRegistered('billto')) $session->register('billto');
		  $billto = $customer_default_address_id;
	
		  tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
		}
	  }
	
	// if no billing destination address was selected, use their own address as default
	  if (!$session->isRegistered('billto')) {
		$billto = $customer_default_address_id;
	  }
	
	$addresses_count = tep_count_customer_address_book_entries();
	
	$addresses_query = tep_db_query("select address_book_id, entry_firstname as firstname, entry_lastname as lastname, entry_company as company, entry_street_address as street_address, entry_suburb as suburb, entry_city as city, entry_postcode as postcode, entry_state as state, entry_zone_id as zone_id, entry_country_id as country_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $customer_id . "'");
	$addresses_array = array();
	
	while ($addresses = tep_db_fetch_array($addresses_query)) {
		$addresses_array[] = $addresses;
	}
	
	$template = 'checkout_payment.tpl';
}

// Checkout confirmation
function checkoutConfirmation()
{
	global $session;
	
	// if no shipping method has been selected, redirect the customer to the shipping method selection page
	if (!$session->isRegistered('shipping')) {
		tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
	}
	
	if (!$session->isRegistered('payment')) {
		$session->register('payment');
	}
	
	if (isset($HTTP_POST_VARS['payment'])) {
		$payment = $HTTP_POST_VARS['payment'];
	}
	
	if (!$session->isRegistered('comments')) {
		$session->register('comments');
	}
	
	if (tep_not_null($HTTP_POST_VARS['comments'])) {
		$comments = tep_db_prepare_input($HTTP_POST_VARS['comments']);
	}
	
	// load the selected payment module
	require(DIR_WS_CLASSES . 'payment.php');
	$payment_modules = new payment($payment);
	
	require(DIR_WS_CLASSES . 'order.php');
	$order = new order;
	
	$payment_modules->update_status();
	
	if ( ( is_array($payment_modules->modules) && (sizeof($payment_modules->modules) > 1) && !is_object($$payment) ) || (is_object($$payment) && ($$payment->enabled == false)) ) {
		tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode(ERROR_NO_PAYMENT_MODULE_SELECTED), 'SSL'));
	}
	
	if (is_array($payment_modules->modules)) {
		$payment_modules->pre_confirmation_check();
	}
	
	// load the selected shipping module
	require(DIR_WS_CLASSES . 'shipping.php');
	$shipping_modules = new shipping($shipping);
	
	require(DIR_WS_CLASSES . 'order_total.php');
	$order_total_modules = new order_total;
	
	// Stock Check
	$any_out_of_stock = false;
	
	if (STOCK_CHECK == 'true') {
		for ($i=0, $n=sizeof($order->products); $i<$n; $i++) {
			if (tep_check_stock($order->products[$i]['id'], $order->products[$i]['qty'])) {
				$any_out_of_stock = true;
			}
		}
		
		// Out of Stock
		if ( (STOCK_ALLOW_CHECKOUT != 'true') && ($any_out_of_stock == true) ) {
			tep_redirect(tep_href_link(FILENAME_SHOPPING_CART));
		}
	}
	
	$template = 'checkout_confirmation.tpl';
}

// Checkout process
function checkoutProcess()
{
	global $session;
	
	  if (!$session->isRegistered('sendto')) {
		tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
	  }
	
	  if ( (tep_not_null(MODULE_PAYMENT_INSTALLED)) && (!$session->isRegistered('payment')) ) {
		tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL'));
	 }
	
	// avoid hack attempts during the checkout procedure by checking the internal cartID
	  if (isset($cart->cartID) && $session->isRegistered('cartID')) {
		if ($cart->cartID != $cartID) {
		  tep_redirect(tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
		}
	  }
	
	  include(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_PROCESS);
	
	// load selected payment module
	  require(DIR_WS_CLASSES . 'payment.php');
	  $payment_modules = new payment($payment);
	
	// load the selected shipping module
	  require(DIR_WS_CLASSES . 'shipping.php');
	  $shipping_modules = new shipping($shipping);
	
	  require(DIR_WS_CLASSES . 'order.php');
	  $order = new order;
	
	// load the before_process function from the payment modules
	  $payment_modules->before_process();
	
	  require(DIR_WS_CLASSES . 'order_total.php');
	  $order_total_modules = new order_total;
	
	  $order_totals = $order_total_modules->process();
	
	  $sql_data_array = array('customers_id' => $customer_id,
							  'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'],
							  'customers_company' => $order->customer['company'],
							  'customers_street_address' => $order->customer['street_address'],
							  'customers_suburb' => $order->customer['suburb'],
							  'customers_city' => $order->customer['city'],
							  'customers_postcode' => $order->customer['postcode'], 
							  'customers_state' => $order->customer['state'], 
							  'customers_country' => $order->customer['country']['title'], 
							  'customers_telephone' => $order->customer['telephone'], 
							  'customers_email_address' => $order->customer['email_address'],
							  'customers_address_format_id' => $order->customer['format_id'], 
							  'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 
							  'delivery_company' => $order->delivery['company'],
							  'delivery_street_address' => $order->delivery['street_address'], 
							  'delivery_suburb' => $order->delivery['suburb'], 
							  'delivery_city' => $order->delivery['city'], 
							  'delivery_postcode' => $order->delivery['postcode'], 
							  'delivery_state' => $order->delivery['state'], 
							  'delivery_country' => $order->delivery['country']['title'], 
							  'delivery_address_format_id' => $order->delivery['format_id'], 
							  'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'], 
							  'billing_company' => $order->billing['company'],
							  'billing_street_address' => $order->billing['street_address'], 
							  'billing_suburb' => $order->billing['suburb'], 
							  'billing_city' => $order->billing['city'], 
							  'billing_postcode' => $order->billing['postcode'], 
							  'billing_state' => $order->billing['state'], 
							  'billing_country' => $order->billing['country']['title'], 
							  'billing_address_format_id' => $order->billing['format_id'], 
							  'payment_method' => $order->info['payment_method'], 
							  'cc_type' => $order->info['cc_type'], 
							  'cc_owner' => $order->info['cc_owner'], 
							  'cc_number' => $order->info['cc_number'], 
							  'cc_expires' => $order->info['cc_expires'], 
							  'date_purchased' => 'now()', 
							  'orders_status' => $order->info['order_status'], 
							  'currency' => $order->info['currency'], 
							  'currency_value' => $order->info['currency_value']);
	  tep_db_perform(TABLE_ORDERS, $sql_data_array);
	  $insert_id = tep_db_insert_id();
	  for ($i=0, $n=sizeof($order_totals); $i<$n; $i++) {
		$sql_data_array = array('orders_id' => $insert_id,
								'title' => $order_totals[$i]['title'],
								'text' => $order_totals[$i]['text'],
								'value' => $order_totals[$i]['value'], 
								'class' => $order_totals[$i]['code'], 
								'sort_order' => $order_totals[$i]['sort_order']);
		tep_db_perform(TABLE_ORDERS_TOTAL, $sql_data_array);
	  }
	
	  $customer_notification = (SEND_EMAILS == 'true') ? '1' : '0';
	  $sql_data_array = array('orders_id' => $insert_id, 
							  'orders_status_id' => $order->info['order_status'], 
							  'date_added' => 'now()', 
							  'customer_notified' => $customer_notification,
							  'comments' => $order->info['comments']);
	  tep_db_perform(TABLE_ORDERS_STATUS_HISTORY, $sql_data_array);
	
	// initialized for the email confirmation
	  $products_ordered = '';
	  $subtotal = 0;
	  $total_tax = 0;
	
	  for ($i=0, $n=sizeof($order->products); $i<$n; $i++) {
	// Stock Update - Joao Correia
		if (STOCK_LIMITED == 'true') {
		  if (DOWNLOAD_ENABLED == 'true') {
			$stock_query_raw = "SELECT products_quantity, pad.products_attributes_filename 
								FROM " . TABLE_PRODUCTS . " p
								LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " pa
								 ON p.products_id=pa.products_id
								LEFT JOIN " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad
								 ON pa.products_attributes_id=pad.products_attributes_id
								WHERE p.products_id = '" . tep_get_prid($order->products[$i]['id']) . "'";
	// Will work with only one option for downloadable products
	// otherwise, we have to build the query dynamically with a loop
			$products_attributes = $order->products[$i]['attributes'];
			if (is_array($products_attributes)) {
			  $stock_query_raw .= " AND pa.options_id = '" . $products_attributes[0]['option_id'] . "' AND pa.options_values_id = '" . $products_attributes[0]['value_id'] . "'";
			}
			$stock_query = tep_db_query($stock_query_raw);
		  } else {
			$stock_query = tep_db_query("select products_quantity from " . TABLE_PRODUCTS . " where products_id = '" . tep_get_prid($order->products[$i]['id']) . "'");
		  }
		  if (tep_db_num_rows($stock_query) > 0) {
			$stock_values = tep_db_fetch_array($stock_query);
	// do not decrement quantities if products_attributes_filename exists
			if ((DOWNLOAD_ENABLED != 'true') || (!$stock_values['products_attributes_filename'])) {
			  $stock_left = $stock_values['products_quantity'] - $order->products[$i]['qty'];
			} else {
			  $stock_left = $stock_values['products_quantity'];
			}
			tep_db_query("update " . TABLE_PRODUCTS . " set products_quantity = '" . $stock_left . "' where products_id = '" . tep_get_prid($order->products[$i]['id']) . "'");
			if ( ($stock_left < 1) && (STOCK_ALLOW_CHECKOUT == 'false') ) {
			  tep_db_query("update " . TABLE_PRODUCTS . " set products_status = '0' where products_id = '" . tep_get_prid($order->products[$i]['id']) . "'");
			}
		  }
		}
	
	// Update products_ordered (for bestsellers list)
		tep_db_query("update " . TABLE_PRODUCTS . " set products_ordered = products_ordered + " . sprintf('%d', $order->products[$i]['qty']) . " where products_id = '" . tep_get_prid($order->products[$i]['id']) . "'");
	
		$sql_data_array = array('orders_id' => $insert_id, 
								'products_id' => tep_get_prid($order->products[$i]['id']), 
								'products_model' => $order->products[$i]['model'], 
								'products_name' => $order->products[$i]['name'], 
								'products_price' => $order->products[$i]['price'], 
								'final_price' => $order->products[$i]['final_price'], 
								'products_tax' => $order->products[$i]['tax'], 
								'products_quantity' => $order->products[$i]['qty']);
		tep_db_perform(TABLE_ORDERS_PRODUCTS, $sql_data_array);
		$order_products_id = tep_db_insert_id();
	
	//------insert customer choosen option to order--------
		$attributes_exist = '0';
		$products_ordered_attributes = '';
		if (isset($order->products[$i]['attributes'])) {
		  $attributes_exist = '1';
		  for ($j=0, $n2=sizeof($order->products[$i]['attributes']); $j<$n2; $j++) {
			if (DOWNLOAD_ENABLED == 'true') {
			  $attributes_query = "select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix, pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename 
								   from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa 
								   left join " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad
									on pa.products_attributes_id=pad.products_attributes_id
								   where pa.products_id = '" . $order->products[$i]['id'] . "' 
									and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' 
									and pa.options_id = popt.products_options_id 
									and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' 
									and pa.options_values_id = poval.products_options_values_id 
									and popt.language_id = '" . $languages_id . "' 
									and poval.language_id = '" . $languages_id . "'";
			  $attributes = tep_db_query($attributes_query);
			} else {
			  $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id . "' and poval.language_id = '" . $languages_id . "'");
			}
			$attributes_values = tep_db_fetch_array($attributes);
	
			$sql_data_array = array('orders_id' => $insert_id, 
									'orders_products_id' => $order_products_id, 
									'products_options' => $attributes_values['products_options_name'],
									'products_options_values' => $attributes_values['products_options_values_name'], 
									'options_values_price' => $attributes_values['options_values_price'], 
									'price_prefix' => $attributes_values['price_prefix']);
			tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
	
			if ((DOWNLOAD_ENABLED == 'true') && isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename'])) {
			  $sql_data_array = array('orders_id' => $insert_id, 
									  'orders_products_id' => $order_products_id, 
									  'orders_products_filename' => $attributes_values['products_attributes_filename'], 
									  'download_maxdays' => $attributes_values['products_attributes_maxdays'], 
									  'download_count' => $attributes_values['products_attributes_maxcount']);
			  tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
			}
			$products_ordered_attributes .= "\n\t" . $attributes_values['products_options_name'] . ' ' . $attributes_values['products_options_values_name'];
		  }
		}
	//------insert customer choosen option eof ----
		$total_weight += ($order->products[$i]['qty'] * $order->products[$i]['weight']);
		$total_tax += tep_calculate_tax($total_products_price, $products_tax) * $order->products[$i]['qty'];
		$total_cost += $total_products_price;
	
		$products_ordered .= $order->products[$i]['qty'] . ' x ' . $order->products[$i]['name'] . ' (' . $order->products[$i]['model'] . ') = ' . $currencies->display_price($order->products[$i]['final_price'], $order->products[$i]['tax'], $order->products[$i]['qty']) . $products_ordered_attributes . "\n";
	  }
	
	// lets start with the email confirmation
	  $email_order = STORE_NAME . "\n" . 
					 EMAIL_SEPARATOR . "\n" . 
					 EMAIL_TEXT_ORDER_NUMBER . ' ' . $insert_id . "\n" .
					 EMAIL_TEXT_INVOICE_URL . ' ' . tep_href_link(FILENAME_ACCOUNT_HISTORY_INFO, 'order_id=' . $insert_id, 'SSL', false) . "\n" .
					 EMAIL_TEXT_DATE_ORDERED . ' ' . strftime(DATE_FORMAT_LONG) . "\n\n";
	  if ($order->info['comments']) {
		$email_order .= tep_db_output($order->info['comments']) . "\n\n";
	  }
	  $email_order .= EMAIL_TEXT_PRODUCTS . "\n" . 
					  EMAIL_SEPARATOR . "\n" . 
					  $products_ordered . 
					  EMAIL_SEPARATOR . "\n";
	
	  for ($i=0, $n=sizeof($order_totals); $i<$n; $i++) {
		$email_order .= strip_tags($order_totals[$i]['title']) . ' ' . strip_tags($order_totals[$i]['text']) . "\n";
	  }
	
	  if ($order->content_type != 'virtual') {
		$email_order .= "\n" . EMAIL_TEXT_DELIVERY_ADDRESS . "\n" . 
						EMAIL_SEPARATOR . "\n" .
						tep_address_label($customer_id, $sendto, 0, '', "\n") . "\n";
	  }
	
	  $email_order .= "\n" . EMAIL_TEXT_BILLING_ADDRESS . "\n" .
					  EMAIL_SEPARATOR . "\n" .
					  tep_address_label($customer_id, $billto, 0, '', "\n") . "\n\n";
	  if (is_object($$payment)) {
		$email_order .= EMAIL_TEXT_PAYMENT_METHOD . "\n" . 
						EMAIL_SEPARATOR . "\n";
		$payment_class = $$payment;
		$email_order .= $payment_class->title . "\n\n";
		if ($payment_class->email_footer) { 
		  $email_order .= $payment_class->email_footer . "\n\n";
		}
	  }
	  tep_mail($order->customer['firstname'] . ' ' . $order->customer['lastname'], $order->customer['email_address'], EMAIL_TEXT_SUBJECT, $email_order, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
	
	// send emails to other people
	  if (SEND_EXTRA_ORDER_EMAILS_TO != '') {
		tep_mail('', SEND_EXTRA_ORDER_EMAILS_TO, EMAIL_TEXT_SUBJECT, $email_order, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
	  }
	
	// load the after_process function from the payment modules
	  $payment_modules->after_process();
	
	  $cart->reset(true);
	
	// unregister session variables used during checkout
	  tep_session_unregister('sendto');
	  tep_session_unregister('billto');
	  tep_session_unregister('shipping');
	  tep_session_unregister('payment');
	  tep_session_unregister('comments');
	
	  tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));
}

// Checkout success
function checkoutSuccess()
{
	if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'update')) {
		$notify_string = 'action=notify&';
		$notify = $HTTP_POST_VARS['notify'];
		
		if (!is_array($notify))
			$notify = array($notify);
		
		for ($i=0, $n=sizeof($notify); $i<$n; $i++) {
			$notify_string .= 'notify[]=' . $notify[$i] . '&';
		}
		
		if (strlen($notify_string) > 0)
			$notify_string = substr($notify_string, 0, -1);
		
		tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string));
	}
	
	$global_query = tep_db_query("select global_product_notifications from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . (int)$customer_id . "'");
	$global = tep_db_fetch_array($global_query);
	
	if ($global['global_product_notifications'] != '1') {
		$orders_query = tep_db_query("select orders_id from " . TABLE_ORDERS . " where customers_id = '" . (int)$customer_id . "' order by date_purchased desc limit 1");
		$orders = tep_db_fetch_array($orders_query);
	
		$products_array = array();
		$products_query = tep_db_query("select products_id, products_name from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int)$orders['orders_id'] . "' order by products_name");
		
		while ($products = tep_db_fetch_array($products_query)) {
			$products_array[] = array('id' => $products['products_id'], 'text' => $products['products_name']);
		}
	}
	
	$theme->assign('global', $global);
	$theme->assign('products', $products_array);
	$theme->assign('orders', $orders);
	$theme->assign('HEADING_TITLE', HEADING_TITLE);
	$theme->assign('TEXT_NOTIFY_PRODUCTS', '');
	$theme->assign('TEXT_SEE_ORDERS', '');
	$theme->assign('TEXT_CONTACT_STORE_OWNER', '');
	$theme->assign('TEXT_THANKS_FOR_SHOPPING', '');
	$theme->assign('CHECKOUT_BAR_DELIVERY', '');
	$theme->assign('CHECKOUT_BAR_PAYMENT', '');
	$theme->assign('CHECKOUT_BAR_CONFIRMATION', '');
	$theme->assign('CHECKOUT_BAR_FINISHED', '');
	
	$template = 'checkout_success.tpl';
}

?>
